Configuring Mutual Authentication

You can configure mutual authentication between an HTTP Client resource and an HTTP server.

Procedure

  1. Create a trust store keystore that contains the public root certificate of the HTTP server, following the instructions in Creating a Trust Store Keystore. You do not need the private key of the HTTP server.
  2. Create a trust store Keystore Provider resource template.
    1. Click the Browse button, select the keystore you created in Step 1, and click Open.
    2. In the Type drop-down list, select JKS.
    3. In the Password field, type the keystore password.
    4. Save the Keystore Provider resource template.
  3. Create a keystore file that contains the client certificate and its private key. You can use the keytool utility to create such a keystore and import the client-side certificate. If you prefer to maintain a single keystore file, you can combine the two keystores so that one file stores both the client identity certificate and the trusted certificates.
  4. Create an identity Keystore Provider resource template.
    1. Click the Browse button, select the keystore you created in Step 3, and click Open.
    2. In the Type drop-down list, select JKS.
    3. In the Password field, type the keystore password.
    4. Save the Keystore Provider resource template.
  5. Create an SSL Client Provider resource template.
    1. Configure the Keystore Provider as Trust Store field with the trust store Keystore Provider resource template you created.
    2. Check the Enable Mutual Authentication checkbox.
    3. Configure the Keystore Provider Having Identity field with the identity Keystore Provider resource template that you created.
    4. Save the SSL Client Provider resource template.
  6. Configure the HTTP Client resource template to reference the SSL Client Provider resource template.
  7. Install the HTTP Client resource on a node.
    The HTTP Client, SSL Client Provider, and Keystore Provider resource instances referenced by the HTTP Client resource instance are installed on the node.
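
Steps 1 and 3 leave the keytool commands to the reader. The following shell functions are an added example, not taken from the product documentation: they build the two JKS keystores with keytool and check `keytool -list` output for the expected entry types. File names, aliases, the CN, and the TRUST_PASS and IDENTITY_PASS environment variables are assumptions.

```shell
#!/bin/sh
# Added example, not product code. Assumed names: file names, aliases,
# CN, and the TRUST_PASS / IDENTITY_PASS environment variables.

# Step 1: trust store holding only the server's public root certificate.
make_truststore() {   # usage: make_truststore server-root.pem truststore.jks
    keytool -importcert -noprompt -alias server-root -file "$1" \
        -keystore "$2" -storetype JKS -storepass:env TRUST_PASS
}

# Step 3: client key pair plus a CSR; after the CA signs it, import the
# reply under the same alias with `keytool -importcert -alias client`.
make_identity() {     # usage: make_identity identity.jks client.csr
    keytool -genkeypair -alias client -keyalg RSA -keysize 2048 \
        -dname "CN=http-client" -keystore "$1" -storetype JKS \
        -storepass:env IDENTITY_PASS -keypass:env IDENTITY_PASS &&
    keytool -certreq -alias client -file "$2" -keystore "$1" \
        -storepass:env IDENTITY_PASS
}

# Count entries of one type in `keytool -list` output read from stdin.
count_entries() {
    grep -c "$1" || true
}

# Trust store: at least one trusted certificate and no private keys.
check_truststore() {  # usage: keytool -list ... | check_truststore
    listing=$(cat)
    [ "$(printf '%s\n' "$listing" | count_entries trustedCertEntry)" -ge 1 ] &&
    [ "$(printf '%s\n' "$listing" | count_entries PrivateKeyEntry)" -eq 0 ]
}

# Identity keystore: must contain the client's private key entry.
check_identity() {    # usage: keytool -list ... | check_identity
    [ "$(count_entries PrivateKeyEntry)" -ge 1 ]
}

# Constructed sample of `keytool -list` output for a correct trust store.
SAMPLE_TRUST_LISTING='Keystore type: JKS
Your keystore contains 1 entry
server-root, Jan 5, 2024, trustedCertEntry,'
```

Run the checks as `keytool -list -keystore truststore.jks -storepass:env TRUST_PASS | check_truststore`. A nonzero exit means the store lacks a trusted certificate or also holds a private key, which is expected only if you combined the two keystores.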